My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?
There's already a reminder on the MEW site that it's very risky using your private key to access your funds. You shoud have installed MetaMask instead to check or if you are going to make a transaction.